Friday, October 11, 2013

One of the most difficult challenges for us is to debug Backup Exec 2010 R3 failures. It seems like they are very frequent and it could be a full-time job just keeping backups running! And you know it's Friday - we can't break anything before the weekend, so we have to be ultra careful with the 'god switch'. But backups are important to fix, even if they're hard - right?

Microsoft VSS is a technology that powers the 'previous versions' option on Windows file servers. It's pretty much a snapshot service like what you might have seen in another product (NetApp Filers for example), but it's baked into Windows. So it doesn't take a lot of work to set a server up to create a backup copy occasionally. By default these snapshots happen at 7am and 12:00pm every day, but you can add or change the schedule to fit your needs.

VSS copies files even if they are currently open, so it is also used when making backups: that way the file does not need to be locked, released, or entirely skipped during a backup. Backup Exec has the ability to use the Microsoft VSS driver, but there is also an optional Symantec one available.

When backing up a system it is very helpful to have the Backup Exec Remote agent installed. Otherwise the backup just accesses the file through the usual file sharing methods. Backups with the agent can use VSS, and run much faster.
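Because agent-based backups depend on VSS, a common first check when such a job fails is whether the VSS writers on the server report a healthy state. The following is an added example, not taken from this post or from the blog post linked below: it parses the output of `vssadmin list writers` and flags writers that are not `Stable` with `No error`. The function name, the sample output and its GUIDs are constructed for illustration, and English-language `vssadmin` output and PowerShell 3.0 or later are assumed.

```powershell
# Added example: flag unhealthy VSS writers from `vssadmin list writers` output.
# $SampleOutput is constructed; on a real server, from an elevated prompt, use:
#   Get-VssWriterState -Text (vssadmin list writers | Out-String)
$SampleOutput = @'
Writer name: 'System Writer'
   Writer Id: {11111111-1111-1111-1111-111111111111}
   Writer Instance Id: {22222222-2222-2222-2222-222222222222}
   State: [1] Stable
   Last error: No error

Writer name: 'Registry Writer'
   Writer Id: {33333333-3333-3333-3333-333333333333}
   Writer Instance Id: {44444444-4444-4444-4444-444444444444}
   State: [8] Failed
   Last error: Retryable error
'@

function Get-VssWriterState {
    param([Parameter(Mandatory)][string]$Text)
    $writers = @()
    $current = $null
    foreach ($line in $Text -split "`r?`n") {
        if ($line -match "^Writer name:\s*'(.+)'") {
            # A new writer block starts: store the previous one, if any.
            if ($current) { $writers += [pscustomobject]$current }
            $current = [ordered]@{ Name = $Matches[1]; State = $null; LastError = $null }
        }
        elseif ($current -and $line -match '^\s*State:\s*\[\d+\]\s*(.+?)\s*$') {
            $current.State = $Matches[1]
        }
        elseif ($current -and $line -match '^\s*Last error:\s*(.+?)\s*$') {
            $current.LastError = $Matches[1]
        }
    }
    if ($current) { $writers += [pscustomobject]$current }
    # Healthy means Stable with no error. Run this while no backup is active:
    # a writer that is mid-snapshot reports a transient, non-Stable state.
    $writers | Select-Object Name, State, LastError,
        @{ n = 'Healthy'; e = { $_.State -eq 'Stable' -and $_.LastError -eq 'No error' } }
}

# List only the writers that need attention.
Get-VssWriterState -Text $SampleOutput |
    Where-Object { -not $_.Healthy } |
    Format-Table -AutoSize
```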

Troubleshooting backups that fail is very time consuming. Troubleshooting those that fail due to VSS has been pretty challenging! Here is a great blog post on the /misc/tech/musings blog that is really sweet!

Using this information allowed me to get VSS working on a profile server without restarting the machine. Good news on a Friday before a long weekend! (With thanks to Will for pointing me to VSS yesterday!)

Thursday, October 10, 2013

The Echo Chamber Speaks

Microsoft Security Essentials - It's bad! No, wait, no it's good enough!

For a few years now, security professionals such as myself have recommended to home users to run Microsoft Security Essentials as a good, basic, free anti-virus program. The internet echo chamber has made much of a recent interview with Holly Stewart, senior program manager of the Microsoft Malware Protection Center. She indicated that the company is no longer focusing on making MSE the 'best' testing anti-virus program but rather they are focusing on providing information to the community of anti-virus and anti-malware software makers. (A rising tide lifts all boats...)

The result is a nuanced message that has been completely misunderstood in the wild. It seems like every tech journalist is jumping on the "dump MSE" craze. But I have to say that is just a bit too quick.

For the home user that needs something basic that doesn't break when the subscription needs to be renewed, MSE is still a good solution. (With Windows Firewall, Secunia PSI and Malwarebytes...)

What others should learn from MSE

One thing that some other providers should learn from Microsoft is that you CAN make an antivirus product that doesn't get in your face all the time and demand attention. For example, Avast's free antivirus is just bloody needy, and AVG Free, which I used to recommend, hides the download link behind a ton of advertising (for the fee-based version) - and it has a habit of forcing you to upgrade (and find that hidden link) every so often.

The time-limited trials that come on OEM equipment are also a bad idea. I would like to know what percentage of these free trials are never updated after the trial period expires. I have seen a lot of home machines that have expired 'trial' antivirus. And worse, sometimes it is a poorly rated product to begin with! Both of these issues lead to computers that have out-of-date or non-functional antivirus... MSE is better than that, as a baseline.

Greater Concern - Windows Intune

I don't have a concern about home users running MSE - if Windows Firewall is running - and patches are updated. In fact I set up systems with MSE and Secunia's wonderful PSI, which helps me to keep everything patched and up to date. Malwarebytes free can tighten up the anti-malware side. Geeks out there can take a look at Microsoft's EMET for other options.

But for businesses that use Windows Intune, the question is: how does the lack of sharpness around MSE's detection and mitigation capability affect the anti-virus offering in Windows Intune?
We already know that we can't use another provider's anti-malware product with Windows Intune.

Is MSE the same as Endpoint Protection?

It seems that Endpoint Protection includes additional tools for deployment and management. That's not helping improve detection....

And this from the big brother product "System Center Endpoint Protection."

So, until we hear otherwise, we have to assume that Windows Intune only provides basic protection.
Oh - and forget beefing it up with an after-market product.

On a strategy note - I think that Windows Intune would benefit from integration of different anti-malware products with something like an App Store strategy. Windows Intune is a great idea (one that could put me into retirement!) that needs a little more secure underpinnings...